package com.he.heblog.config.sevurityConfig;

import com.he.heblog.service.UserService;
import com.he.heblog.service.impl.UserServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.util.matcher.AndRequestMatcher;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;

@Configuration
@EnableWebSecurity
public class MySecurityConfig  extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserServiceImpl userService;
    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeHttpRequests()
                .antMatchers("/css/**").permitAll()
                .mvcMatchers("/images/**").permitAll()
                .mvcMatchers("/fonts/**").permitAll()
                .mvcMatchers("/font-awesome/**").permitAll()
                .mvcMatchers("/js/**").permitAll()
                .mvcMatchers("/layui/**").permitAll()
                .mvcMatchers("/login.html").permitAll()
                .mvcMatchers("/front/**").permitAll()
                .mvcMatchers("/register").permitAll()
                .mvcMatchers("/sendMsg").permitAll()
                .mvcMatchers("/user/register/**").permitAll()
                .mvcMatchers("/common/upload").permitAll()
                .mvcMatchers("/article/toWrite").permitAll()
                .mvcMatchers("/articleType/tagList/**").permitAll()
                .anyRequest().permitAll()
                .and()
                .formLogin()
                .loginPage("/login.html")
                .loginProcessingUrl("/doLogin")
                .usernameParameter("uname")
                .passwordParameter("passwd")
                .defaultSuccessUrl("/user/index")
//                .failureUrl("/login.html");

                //显示登录失败信息只能使用请求转发
                .failureForwardUrl("/login.html")
                .and()
//                开启CSRF攻击后，退出登录为post请求
                .logout()
                .logoutUrl("/logout")
                .logoutRequestMatcher(
                        new OrRequestMatcher( new AntPathRequestMatcher("/logout","GET"))
                )
                .logoutSuccessUrl("/login.html")
                .and()
                .csrf()
                .ignoringAntMatchers("/doLogin")
                .ignoringAntMatchers("/common/upload/**")
                .ignoringAntMatchers("/article/addArticle")
                .ignoringAntMatchers("/comment/add")
                .ignoringAntMatchers("/logout")
        ;

    }
/*设置自定义数据源认证*/
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService);
        super.configure(auth);
    }
}
